Sources close to investigating how NSA surveillance tools and zero-day exploits they used to end up in the hands of hackers say the service knew about losing them three years ago but was silent.
These sources reported to Reuters that a survey of service data published by a group called Shadow Brokers showed that the leak was already known by the NSA.
It also showed that the hack was not done on the service itself and that the leaked data did not come from informant Edward Snowden. According to the same sources, it seems that he came from one of the NSA executives who "forgot" them.
The US intelligence chief has left the NSA for other reasons. Sensitive tools were reportedly forgotten on an external server - possibly a bounce box - after an operation. The hackers then broke into the machine, broke into it and found themselves in front of sensitive NSA data. The NSA official informed his service after the incident, but did not warn companies such as Cisco that their customers were in danger.
The NSA silenced the event.
The most elegant chance-point of view for the fact is that the service kept this secret to see who would use them, watching the traffic on the Internet.
The other point of view that does not interest NSA is that it did not immediately disclose the theft of tools in order not to shut down companies affected by security gaps. If the second is true, the information service has preferred to put thousands of company customers at risk.
According to the US government, the guidelines state that if NSA estimates that the severity of zero-day defects is high, it finds and informs affected companies.
Read about the NSA hack
Edward Snowden: Why is NSA Hack Important?
Hacked the NSA's Equation Group
Can NSA steal Cisco VPN private keys?